CVE-2020-8022

Name of the Vulnerable Software and Affected Versions tomcat versions prior to 8.0.53-29.32.1 tomcat versions prior to 9.0.35-3.39.1 tomcat versions prior to 9.0.35-3.57.3

Description A vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue is related to incorrect default permissions in the /usr/lib/tmpfiles.d/tomcat.conf component of the tomcat package.

Recommendations For tomcat versions prior to 8.0.53-29.32.1, update to version 8.0.53-29.32.1 or later. For tomcat versions prior to 9.0.35-3.39.1, update to version 9.0.35-3.39.1 or later. For tomcat versions prior to 9.0.35-3.57.3, update to version 9.0.35-3.57.3 or later.